It’s important for all of us to stay informed around the threats that exist in the ever-changing cybersecurity landscape. There is a new type of ransomware, Ryuk, that has been spreading over the past two months and is affecting an ever greater number of organizations. While your organization might not have been impacted by this ransomware, many organizations have – including some with strong cybersecurity programs.
Ransomware attacks like Ryuk are a form of malicious software that encrypt your files using strong cryptography. The attack could occur immediately or lay dormant on your system until a future time. Once your files are encrypted, they’re inaccessible until you pay a ransom for the decryption key to unlock your data.
Ryuk infections appear closely tied to Emotet and Trickbot malware. If these agents have infected your machine, the command and control system behind them can deliver Ryuk to your system, resulting in additional infection and encryption. Both of these agents are typically delivered through malicious emails and phishing attacks.
We recommend that you maintain a multi-layered approach to detect, prevent, and correct ransomware attacks like Ryuk. However, no organization is 100% defended against attack 100% of the time. The best thing we can do to protect ourselves from an attack is to empower you with the information you need to stay vigilant and protected.
Whether you’re at work or at home, here are some things you can do to protect yourself and your device against Ryuk and other similar attacks:
- Don’t trust links or attachments within emails – especially from unknown or unverified outsiders. If you are unsure about an attachment or link in an email, don’t click on it and report to IT helpdesk or the the security team within your organization.
- Don’t store important files or folders on your device. Save them in your company’s approved document management system or shared drive. Organization should have a number of controls within these approved document management systems to identify, correct and recover from ransomware attacks. Storing data locally on your computer could lead to data loss if you fall victim to ransomware or other malware.
- Don’t store data within unsanctioned cloud services. These services are outside the purview of your organization’s controls program and are not approved for official use.
- Do NOT use a personal computer for persistent work with your organization’s resources. Personal PCs and Macs don’t have the same security configuration or tools as your company’s approved device. If your personal device is infected, you could irreparably harm your work environment and the environment of your team members.
Please stay vigilant. Contact us if you need further guidance or assistance with your security program.